REMARKS



Claims 1-7 and 9-22 are pending in this application. Reconsideration and allowance in 
view of the following remarks are respectfully requested. 

By this Amendment, claims 1, 7, 14, 16, 17 and 18 are amended and claim 22 is added. 
No new matter is presented by this Amendment. Support for the amendments to the claims may 
be found, for example, at page 6, lines 1-2; page 9, line 16 - page 10, line 13; page 10, lines 14-17;
page 12, lines 12-16; and in the drawings, for example.
I. The Telephone Discussions with the Examiner 

Applicant's representative, James Miner, appreciates the courtesies extended by the 
Examiner in the telephone discussions of April 20 and 27, 2006. In the discussions, various 
aspects of the claimed invention, the disclosed invention and the applied art were discussed. In 
particular, the nature of the direct interaction between the host service provider and universal 
session manager vis-a-vis the remote service provider, as disclosed in the present invention, was 
discussed. 

I. THE CLAIMS DEFINE PATENTABLE SUBJECT MATTER 
A. The Rejection of Claims 1-4, 6, 7, 9-15, 17 and 19-21

In paragraph 3, the pending Office Action rejects claims 1-4, 6, 7, 9-15, 17 and 19-21 
under 35 U.S.C. 103 by Freund, U.S. Patent No. 5,987,611 in view of He, U.S. Pat. No.
6,088,451. This rejection is respectfully traversed.



Claim 1 recites a method for providing accessibility to a plurality of remote service 
providers across a network via a single login to a host service provider, each of the plurality of 
remote service providers being accessible through the host service provider and each of the 
plurality of remote service providers having separate login procedures requiring data. As
discussed in prior communications, claim 1 sets forth various other features. 

In particular, amended claim 1 recites the host service provider directing the user to the 
remote service provider in such manner that the user is presented with information, in a single 
graphical user interface, that is provided by both the host service provider and the remote service 
provider. 

Accordingly, such amended features of claim 1 further reflect the nature of the direct
interaction between the universal session manager and the remote service provider, and the 
interrelationship therebetween. This is in sharp contrast to the teachings of the applied art. 

The Examiner is respectfully requested to reconsider and withdraw the 35 U.S.C §103 
rejection as set forth in the Office Action. As reflected in claim 1, the teachings of Freund are 
substantially different than the present invention, and as discussed below, He fails to cure the
deficiencies of Freund.

In paragraph 3, the Office Action alleges various assertions as to the manner in which 
Freund teaches the claimed invention. The Office Action asserts that as to claim 1, Freund 
discloses a method for accessing one of a plurality of remote service providers (web server 350's 
of fig. 3B can be Internet Service providers) across a network via a single login to a host service 
provider (320a fig. 3B), each of the plurality of remote service providers being accessible
through the host service provider, and each of the plurality service providers having separate 
login procedures requiring data. 

The Office Action further asserts that Freund teaches the host service provider (320a fig. 
3B) receiving the single login (providing remote login from clients 310's fig. 3A), the host
service provider (see abstract, fig. 3B, col. 21 line 47 to col. 22 line 21). The Office Action 
asserts that Freund teaches a universal session manager (373 fig. 3B) retrieving data from a
validation database (374 fig. 3B) based on the single login, wherein the data is effective for
accessing a remote service provider and is based at least in part on the received username and
password (i.e., monitoring user access, col. 22 line 23 to col. 23 line 55). These assertions as set
forth in the Office Action are respectfully traversed. 

For the reasons set forth herein, Freund and/or He fail to teach or suggest the invention as 
recited in claim 1, either alone or collectively. Freund is directed to a system and methodology 
for managing internet access on a per application basis for client computers connected to the 
internet. Applicant respectfully submits that this title is representative, and that Freund relates 
to Internet access - and is different than the claimed invention. 

In column 8, lines 40-65, Freund describes an Internet access monitoring system 
including that: (1) the system should preferably be capable of restricting access to the Internet (or 
other Wide Area Network) to certain approved applications or/and application versions. (2) The
system should preferably support centrally-maintained access rules (e.g., defining basic access
rights), but at the same time allow individual workgroup managers or even individual users to set 
rules for their area of responsibility, if so desired by the organization. (3) The system should 
preferably prevent users from circumventing Internet access rules, either accidentally or 
intentionally. 

In the rejection, the Office Action refers to the teachings of Freund in columns 21 and 22. 
In column 22, lines 7-21, for example, Freund teaches that in an embodiment of Freund, the ISP 
installs an additional central server component 370 to host the central supervisor application; this 
new component comprises an ISP authentication server 371 and an ISP supervisor server 372 
(which includes a central supervisor application 373). After the central ISP authentication server 
371 has established the authenticity of the user, it contacts the central supervisor application 373
in order to find out if the user has established additional access monitoring services. In such a
case, the ISP authentication server 371 signals the POP server 320a to only allow limited access
to the Internet and redirect all requests to a "Sandbox" server application shown at 374, on the
central supervisor server 372. This "Sandbox" server 374 restricts the client's Internet access to a
very limited account maintenance site.

Of particular note vis-à-vis the teachings of Freund, claim 1 recites the universal session
manager transmitting said data to the remote service provider, the universal session manager and
the remote service provider exchanging the data to effect a two-sided authentication; and the host
service provider directing the user to the remote service provider in such manner that the user is
presented with information, in a single graphical user interface, that is provided by both the host
service provider and the remote service provider.

Thus, claim 1 recites a particular interrelationship between the universal session manager 
and the remote service provider, and the information that is collectively presented by the host 
service provider and the remote service provider. Freund fails to teach this interrelationship.

The Office Action attempts to cure the deficiencies of Freund with the teachings of He. 
That is, the Office Action acknowledges that Freund does not disclose transmitting data to the 
remote service provider and directing the user to the remote service provider after the remote 
service provider exchanging the data to effect a two-sided authentication and the host service 
provider directing the user to the remote service provider. The Office Action asserts that 
however, He discloses transmitting data to the remote service provider and directing the user to
the remote service provider after the remote service provider exchanging the data to effect a
two-sided authentication and the host service provider (credential server 204 fig. 2) for directing the




Application Serial No.: 09/591,687 Attorney Docket No.: 47004.000074

user to the remote service provider (using credential server 204 to manage user credentials with
authentication server 202, see fig. 2, abstract, see col. 11 line 54 to col. 12 line 33 and col. 12
line 65 to col. 13, line 63).

Accordingly, the Office Action proposes to combine the teachings of Freund and He. 
Specifically, the Office Action asserts that it would have been obvious to one of the ordinary 
skill in the art at the time the invention was made to implement He's teachings into the computer 
system of Freund to control network access because it would have relieved the administrative 
burden to effectively and efficiently control and manage user credentials and thus enabled the 
enhanced the effectiveness of the access control mechanisms. These assertions are traversed. 

Applicant maintains that the applied art fails to teach or suggest the claimed invention for 
the various reasons as set forth in the prior October 5, 2005 Response. Claim 1 is further 
distinguished from the applied art based on the amended language of claim 1. 

He is directed to a security system and method for network element access. In column 2 
lines 12-24, He teaches the security system provides security mechanisms using a network 
security server coupled to a network. The network security mechanisms include an 
authentication server, a credential server, and a network element access server. The method 
controls access to network elements by user elements and protects network resources and 
information. The method provides authentication of the network users to the network elements 
using the authentication server. Managing network user credentials or privileges is performed by 
the credential server, associated with the authentication server. Access to the network elements 
by the user elements is controlled by the network element access server, associated with the 
authentication server and the credential server. 

Of particular note, He teaches that in the processing, a general ticket is provided to each
user element at log on to facilitate future access requests. The general ticket is presented to the
network security server each time the user element initiates a communication session. The
general ticket is used by the network security server to authenticate access requests without
having to verify user credentials for each access request. If upon initiation of a communication
session the general ticket is authenticated, the network security server generates a session ticket
and provides the user element with the session ticket and a unique session encryption key. The
session ticket is used by the user element to communicate with the selected network element.
Applicant submits that the utilization of He's ticket is different than the interrelationship set forth
in the claimed invention. 



For example, at column 18, line 66, He teaches upon receiving the request message, the 
credential server 204 retrieves the information in the ticket and verifies that the request is indeed 
sent from the correct user. Based on the user identifier, the credential server 204 will retrieve the 
list of user credentials from the registration database 210 and enclose the list in a credential 
ticket. The credential ticket is sent back in a response message and will be used for the user to 
communicate with the network element access server 206. Accordingly, such interaction fails to 
teach or suggest the features of claim 1 noted above. 



Applicant further submits that the applied art fails to teach or suggest the features of
claim 7. Claim 7 recites a system for providing accessibility to a plurality of remote service
providers via a single login to a host service provider, each of the plurality of remote service
providers being accessible through the host service provider and each of the plurality of remote 
service providers having separate login procedures requiring data. 



2, 
In particular, claim 7 recites a particular interrelationship between the remote service
provider and the universal session manager. That is, claim 1 recites the universal session
manager receiving data from a validation database based on the single login to the host service 
provider, the universal session manager passing the data, which is required for access to the 
remote service provider, directly to the remote service provider, the universal session manager 
and the remote service provider exchanging the data to effect a two-sided authentication, the 
two-sided authentication being performed directly between the universal session manager and 
the remote service provider. 

He fails to teach or suggest such features and the interrelationship and exchange of 
information between the universal session manager and the remote service provider. 

Instead, for example, He teaches to gain the right to access a network element, the user
communicates with the network element access server 206 to specify the name of the network 
element 104. Upon receiving the access request, the network element access server 206 will 
check an internal access matrix to determine whether the user is allowed any access at all to the 
specified network element 104. 

Of particular note, He teaches if such check is successful, the network element access 
server will issue a certificate or ticket to the user. The ticket is the necessary piece of 
information that has to be presented in all communication between the user and the network 
element 104 for access to any resources and information in the element. 

In contrast to He's manipulation of the certificate or ticket to the user, claim 1 recites the
universal session manager passing the data, which is required for access to the remote service 
provider, directly to the remote service provider, the universal session manager and the remote 
service provider exchanging the data to effect a two-sided authentication, the two-sided 
authentication being performed directly between the universal session manager and the remote
service provider. He utterly fails to teach such processing. Instead, He teaches the use of 
tickets, as described above. 

Applicant further submits that the one of ordinary skill would not have been motivated to 
combine the teachings of Freund and He as proposed in the Office Action. The very basis of the
motivation to combine He's teachings into Freund is to control network access. See Office
Action page 4, line 3. However, the title of Freund's invention is system and methodology for
managing internet access on a per application basis for client computers connected to the 
internet. That is, Freund itself is directed to control network access. Accordingly, Applicant 
submits that the motivation for combination as set forth in the Office Action is simply not 
supportable, i.e., in that the motivation is based on an alleged deficiency of Freund, which is 
simply not present. 

Applicant respectfully submits that Freund and He fail to teach or suggest the features of 
claim 7, as well as claim 1, for at least the reasons set forth above. 



3. The Dependent Claims Recite Patentable Subject Matter

Applicant submits that the dependent claims recite patentable subject matter at least for
their various dependencies on claims 1 and 7, as well as for the additional subject matter recited
in such dependent claims. In particular, for example, various dependent claims further recite the
interrelationship between the universal session manager and the host service provider vis-à-vis
the remote service provider, and/or features relating to the information that is presented to the user
by the remote service provider and the host service provider, collectively. The Examiner is
urged to review these dependent claims.

For example, claim 14 is ultimately dependent on claim 7 and recites wherein the host
service provider directing the user to the selected one of the plurality of remote service providers 
using the data includes presenting the user with information, in a single graphical user interface, 
that is provided by both the host service provider and the remote service provider. Such features 
set forth a novel manner of conveying information to the user (in conjunction with the features of 
claim 7) that is not taught or suggested by the applied art. 

Further, claim 16, dependent on claim U recites particulars of the recited triple 
handshake. Further, claim 17 recites that each step of the triple handshake is effected directly 
between the universal session manager and the remote service provider. 

The applied art, either alone or collectively, fails to teach or suggest such claimed features.
Withdrawal of the 35 U.S.C. § 103 rejection is respectfully requested.

B. The Rejection of Claims 5, 16 and 18 under 35 U.S.C. § 103

In the Office Action, claims 5, 16 and 18 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Freund and He and in view of Kirsch, U.S. Patent No. 5,963,915.

The Office Action asserts that Freund does not specifically disclose a triple handshake 
and a cookie, but that however, Kirsch discloses a triple handshake and a cookie (i.e., providing 
a cookie and a series of handshake transactions to negotiate the establishment of the secure 
transactions between the servers, see col. 2 lines 1-46 and col. 8 lines 12-63). The Office Action 
further alleges that it would have been obvious to one of the ordinary skill in the art at the time 
the invention was made to implement Kirsch's teachings into the computer system of Freund to 
process data transaction over the Internet because it would have provided automatic 
simultaneous purchase transactions handling for both secure and insecure client browsers and 
increased levels of authentication of data communications in the Internet. 

Illustratively, Kirsch teaches that a facility known as persistent client-side cookies has
been introduced to provide a way for server systems to store selected information on client 
systems. Cookies are created at the discretion of the server system in response to specific client 
URL requests. Part of the server response is a cookie consisting of a particularly formatted string 
of text including a cookie identifier, a cookie path, a server domain name and, optionally, an
expiration date, and a secure marker. Kirsch further describes that a conventional uniform 
resource locator (URL), utilizing "https" as the secure HTTP protocol identifier, is issued by the 
client browser to specifically request a secure client/server session. A series of handshake 
transactions are provided to negotiate the establishment of the secure session including 
performing an encryption key exchange that is used in an encryption algorithm implemented by 
both the client-side and server-side secure sockets layers. 

However, Applicant submits that even if it were obvious to somehow use Kirsch's
teachings relating to cookies and authorization techniques, which Applicant does not admit to be 
the case, to modify Freund, such combination would still fail to teach or suggest the claimed 
invention. 

It is submitted that Freund, He and Kirsch, either alone or in combination, fail to teach or 
suggest the claimed invention. Withdrawal of the 35 U.S.C. § 103 rejection is respectfully
requested. 

H. CONCLUSION 

For at least the reasons outlined above, Applicant respectfully asserts that the application 
is in condition for allowance. Favorable reconsideration and allowance of the claims are
respectfully solicited. 

For any fees due in connection with filing this Response the Commissioner is hereby
authorized to charge the undersigned's Deposit Account No. 50-0206. 

Should the Examiner believe anything further is desirable in order to place the 
application in even better condition for allowance, the Examiner is invited to contact Applicant's 
undersigned representative at the telephone number listed below. 



Hunton & Williams 
1900 K Street, N.W., Suite 1200 
Washington, D.C. 20006-1109
(202) 955-1500 



Dated: May 1, 2006